:construction: Retrying with auth during survey

backend/lib/plugins/user.js

@@ -16,6 +16,8 @@ const UserEmailRoute = require('../routes/user/email.js')
 const UserVerifyEmailRoute = require('../routes/user/verifyemail.js')
 const UserGenerateJWTRoute = require('../routes/user/generatejwt.js')
 const UserValidateJWTRoute = require('../routes/user/validatejwt.js')
+const UserCheckCache = require('../routes/user/check-cache.js')
+const UserByEmail = require('../routes/user/user-by-email.js')
 const UserPassword = require('../routes/user/authentication')
 
 const UserService = require('../services/user')
@@ -57,6 +59,8 @@ module.exports = {
         await server.route(UserVerifyEmailRoute)
         await server.route(UserGenerateJWTRoute)
         await server.route(UserValidateJWTRoute)
+        await server.route(UserCheckCache)
+        await server.route(UserByEmail)
         await server.route(UserPassword)
     },
 }

backend/lib/routes/user/check-cache.js

@@ -0,0 +1,57 @@
+'use strict'
+
+const Joi = require('joi')
+
+const pluginConfig = {
+    handlerType: 'email',
+    docs: {
+        get: {
+            description: 'checks if user email is in cache',
+            notes: 'Checks if user email is in email cache and returns boolean',
+        },
+    },
+}
+
+module.exports = {
+    method: 'POST',
+    path: '/checkcache/',
+    options: {
+        ...pluginConfig.docs.get,
+        tags: ['api'],
+        auth: false,
+        cors: true,
+        handler: async function (request, h) {
+            const { userService } = request.server.services()
+            const userEmail = request.payload
+            try {
+                const emailIsInCache = await userService.checkEmailCache(
+                    userEmail,
+                )
+                return {
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: { emailIsInCache: emailIsInCache },
+                }
+            } catch (err) {
+                return {
+                    ok: false,
+                    handler: pluginConfig.handlerType,
+                    data: {
+                        error: err,
+                    },
+                }
+            }
+        },
+        validate: {
+            failAction: 'log',
+        },
+        response: {
+            schema: Joi.object({
+                ok: Joi.bool(),
+                handler: Joi.string(),
+                data: Joi.object(),
+            }).label('email_res'),
+            failAction: 'log',
+        },
+    },
+}

backend/lib/routes/user/user-by-email.js

@@ -0,0 +1,55 @@
+'use strict'
+
+const Joi = require('joi')
+
+const pluginConfig = {
+    handlerType: 'email',
+    docs: {
+        get: {
+            description: 'Fetches User Data by Email',
+            notes: 'Grabs the User Data by Email for use in survey validation',
+        },
+    },
+}
+
+module.exports = {
+    method: 'GET',
+    path: '/fetchbymail/{email}',
+    options: {
+        ...pluginConfig.docs.get,
+        tags: ['api'],
+        auth: false,
+        cors: true,
+        handler: async function (request, h) {
+            const email = request.params.email
+            const { userService } = request.server.services()
+            const data = await userService.findByUserEmail(email)
+            try {
+                return {
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: data,
+                }
+            } catch (err) {
+                return {
+                    ok: false,
+                    handler: pluginConfig.handlerType,
+                    data: {
+                        error: err,
+                    },
+                }
+            }
+        },
+        validate: {
+            failAction: 'log',
+        },
+        response: {
+            schema: Joi.object({
+                ok: Joi.bool(),
+                handler: Joi.string(),
+                data: Joi.object(),
+            }).label('fetchbymail'),
+            failAction: 'log',
+        },
+    },
+}

backend/lib/services/user.js

@@ -104,6 +104,23 @@ module.exports = class UserService extends Schmervice.Service {
             .where({ user_name: username })
     }
 
+    /**
+     * Use knew to find first user with useremail
+     * @param {*} username
+     * @param {*} txn
+     * @returns
+     */
+    async findByUserEmail(userEmail, txn) {
+        console.log('userEmail :=>', userEmail)
+        const { User } = this.server.models()
+        const user = await User.query(txn)
+            .throwIfNotFound()
+            .first()
+            .where({ user_email: userEmail })
+        console.log('user :=>', user)
+        return user
+    }
+
     /**
      * Signup function
      * @param {*} param0
@@ -199,14 +216,14 @@ module.exports = class UserService extends Schmervice.Service {
     createToken(user) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
 
-        return Jwt.token.generate(
+        const token = Jwt.token.generate(
             {
                 aud: 'urn:audience:test',
                 iss: 'urn:issuer:test',
                 email: user.email,
                 name: user.name,
                 seeking: user.seeking,
-                profile_id: user.profile_id,
+                // profile_id: user.profile_id,
             },
             {
                 key: key,
@@ -218,6 +235,7 @@ module.exports = class UserService extends Schmervice.Service {
                 ttlSec: user.expiration,
             },
         )
+        return token
     }
 
     /**
@@ -271,6 +289,29 @@ module.exports = class UserService extends Schmervice.Service {
         return passwordRow ? passwordRow.token : null
     }
 
+    async checkEmailCache(userEmail) {
+        const hashedEmail = await hashEmail(userEmail)
+        const now = Date.now()
+        const expiration = this.hashedEmails[hashedEmail]
+        console.log('this.hashedEmails :=>', this.hashedEmails)
+        const emailIsInCache = Object.keys(this.hashedEmails).includes(
+            hashedEmail,
+        )
+        const emailIsExpired = now > expiration ? true : false
+        console.log('emailIsInCache :=>', emailIsInCache)
+        console.log('emailIsExpired :=>', emailIsExpired)
+        if (emailIsInCache && !emailIsExpired) {
+            return true
+        } else {
+            // try {
+            // delete this.hashedEmails[hashedEmail]
+            // } catch (err) {
+            // console.error('ERROR :=>', err)
+            // }
+            return false
+        }
+    }
+
     /**
      * Sends a Transactional Email via Brevo
      * @ returns {Object}

frontend/src/components/onboarding/Auth.vue

@@ -50,16 +50,13 @@ export default {
                 password: userPass.val,
             })
             const newUserId = newUser.user_id
-            const newProfile = await createProfileForUserId(
-                newUserId,
-                this.responses,
-            )
+            await createProfileForUserId(newUserId, this.responses)
             const jwt = await this.authenticator.generateJwt({
                 ...this.answered,
                 expiration: 60 * 10,
-                profile_id: newProfile.profile_id,
             })
-            document.cookie = `siimee_jwt=${jwt}; path=/verify; secure`
+            console.log('jwt :=>', jwt)
+            document.cookie = `siimee_session_verify=${jwt}; max-age=600; path=/verify; secure`
             await this.authenticator.sendAuthEmail(this.answered)
         } else {
             console.error('ERROR :=>')

frontend/src/services/auth.service.js

@@ -8,12 +8,14 @@ class Authenticator {
         const emailWasSent = await db.post('/user/sendemail/', answered)
         return emailWasSent
     }
-    // NOTE: these might be better suited as POST requests
+    async checkEmailCache(email) {
+        const emailIsInCache = await db.post('/user/checkcache/', email)
+        return emailIsInCache.emailIsInCache
+    }
     async verifyAuthEmail(hashedEmail) {
         const isVerified = await db.get(`/user/verify/${hashedEmail}`)
         return isVerified.hashesMatch
     }
-    // TODO: this needs to generate the JWT with the RAW email
     async generateJwt(res) {
         const token = await db.post('/user/generatejwt', res)
         return token.jwt

frontend/src/services/user.service.js

@@ -1,3 +1,4 @@
+import { when } from 'joi'
 import { db } from '../utils/db.js'
 
 /**
@@ -14,4 +15,9 @@ const signupUser = async user => {
     return await db.post(`/user/signup`, payload)
 }
 
-export { signupUser }
+const fetchUserByEmail = async userEmail => {
+    console.log('userEmail :=>', userEmail)
+    return await db.get(`/user/fetchbymail/${userEmail}`)
+}
+
+export { signupUser, fetchUserByEmail }

frontend/src/views/OnboardingView.vue

@@ -35,6 +35,11 @@ main.view--onboarding
 
 <script>
 import { Authenticator } from '../services/auth.service.js'
+import { fetchUserByEmail } from '../services/user.service.js'
+import {
+    fetchProfilesByUserId,
+    fetchProfileByProfileId,
+} from '../services/profile.service.js'
 import { surveyFactory } from '@/utils'
 import { currentProfile } from '../services/'
 import stepViews from '@/components/onboarding'
@@ -54,11 +59,8 @@ export default {
         responses: [],
         currentStep: 0,
         survey: null,
-        currentProfileId: null,
         invalidResponse: false,
         authenticator: {},
-        sessionToken: '',
-        accessToken: '',
     }),
     computed: {
         cP() {
@@ -68,53 +70,38 @@ export default {
     async created() {
         this.survey = await surveyFactory.createSurvey()
         this.authenticator = new Authenticator()
-
         if (document.cookie.length) {
-            // TODO: Heavy Refactor needed, obvious code smells
-            // BUG: NEEDS BROWSER REFRESH AFTER VERIFYING EMAIL AND REDIRECT BACK TO ONBOARDING
-            // BUG: CURRENT IMPLEMENTATION HAS COOKIES THAT NEVER EXPIRE
-            const siimeeAnswered = this.grabCookie('siimee_answered')
-            const myCurrentStep = this.grabCookie('siimee_current_step')
-            const myCurrentAnswers = this.grabCookie('siimee_cache_answered')
-            const myCurrentResponses = this.grabCookie('siimee_cache_responses')
-            this.sessionToken = this.grabCookie('siimee_session') || ''
-            // TODO: START REFACTOR HERE...
-            if (siimeeAnswered) {
-                const siimeeAnswers = JSON.parse(siimeeAnswered)
-                const sessionTokenIsValid =
-                    await this.authenticator.validateJwt(this.sessionToken)
-                this.accessToken = this.grabCookie('siimee_access')
-                if (sessionTokenIsValid.isValid) {
-                    this.answered = {
-                        name: siimeeAnswers.name,
-                        email: siimeeAnswers.email,
-                        seeking: siimeeAnswers.seeking,
+            const sessionToken = this.grabCookie('siimee_session_onboarding')
+            if (sessionToken) {
+                const sessionData = await this.authenticator.validateJwt(
+                    sessionToken,
+                )
+                // NOTE: Left off here, INCOMPLETE, no ACCESS TOKEN yet, crazy amount of logic here...
+                if (sessionToken.isValid) {
+                    const userEmail = sessionData.payload.email
+                    const emailIsInCache =
+                        await this.authenticator.checkEmailCache(userEmail)
+                    if (emailIsInCache) {
+                        const user = await fetchUserByEmail(userEmail)
+                        const userId = user.user_id
+                        const profilesFromUserId = await fetchProfilesByUserId(
+                            userId,
+                        )
+                        let profileId
+                        if (profilesFromUserId.length === 1) {
+                            profileId = profilesFromUserId[0].profile_id
+                        }
+                        const profile = await fetchProfileByProfileId(profileId)
+                        profile.responses.forEach(response => {
+                            this.responses.push({
+                                response_key_id: response.response_key_id,
+                                val: response.val,
+                            })
+                        })
+                        this.currentStep = 6
+                        this.goToStep(this.currentStep)
                     }
-                    this.currentProfileId = siimeeAnswers.profile_id
-                    this.responses = [
-                        { response_key_id: 8, val: siimeeAnswers.email },
-                        { response_key_id: 7, val: siimeeAnswers.name },
-                        { response_key_id: 11, val: siimeeAnswers.seeking },
-                    ]
-                    document.cookie = `siimee_current_step=${this.currentStep}; max-age=600 ; path=/onboarding ; secure`
-                    document.cookie = `siimee_cache_answered=${JSON.stringify(
-                        this.answered,
-                    )}; max-age=600 ; path=/onboarding ; secure`
-                    document.cookie = `siimee_cache_responses=${JSON.stringify(
-                        this.responses,
-                    )}; max-age=600 ; path=/onboarding ; secure`
-                    document.cookie = 'siimee_answered='
-                    this.currentStep = 6
-                    this.goToStep(this.currentStep)
                 }
-            } else if (myCurrentStep) {
-                this.answered = JSON.parse(myCurrentAnswers)
-                this.responses = JSON.parse(myCurrentResponses)
-                this.currentStep = myCurrentStep
-                this.goToStep(Number(myCurrentStep) + 1)
-            } else {
-                this.currentStep = 0
-                this.goToStep(this.currentStep)
             }
         }
     },
@@ -122,47 +109,9 @@ export default {
         onSubmit() {
             console.log(JSON.stringify(this.answered))
         },
-        async goToStep(num, maxAge) {
-            maxAge = 600 // temp measure
-            document.cookie = `siimee_current_step=${Number(
-                this.currentStep,
-            )}; max-age=${maxAge} ; path=/onboarding ; secure`
-            document.cookie = `siimee_cache_answered=${JSON.stringify(
-                this.answered,
-            )}; max-age=${maxAge} ; path=/onboarding ; secure`
-            document.cookie = `siimee_cache_responses=${JSON.stringify(
-                this.responses,
-            )}; max-age=${maxAge} ; path=/onboarding ; secure`
-
-            if (num > 6) {
-                this.validateAccessToken()
-            }
+        async goToStep(num) {
             this.currentStep = num
         },
-        // TODO: Refactor to use cookie's max-age attribute instead of network call for jwt auth
-        async validateAccessToken() {
-            const validatedAccessToken = await this.authenticator.validateJwt(
-                this.accessToken,
-            )
-            if (!validatedAccessToken || !validatedAccessToken.isValid) {
-                const sessionTokenIsValid = await this.validateSessionToken()
-                if (!sessionTokenIsValid) {
-                    this.goToStep(0)
-                }
-            }
-        },
-        async validateSessionToken() {
-            const validatedSessionToken = await this.authenticator.validateJwt(
-                this.sessionToken,
-            )
-            if (!validatedSessionToken || validatedSessionToken.isValid) {
-                this.accessToken = await this.authenticator.generateJwt({
-                    ...this.answered,
-                    expiration: 60 * 3,
-                })
-                return true
-            } else return false
-        },
         grabCookie(cookieKey) {
             const cookies = document.cookie
                 .split('; ')
@@ -194,6 +143,8 @@ export default {
                 response.response_key_id = payload.question.response_key_id
                 response.val = payload.input
                 this.responses.push(response)
+                console.log('this.answered :=>', this.answered)
+                console.log('this.responses :=>', this.responses)
 
                 // sends latest survey response to db
                 if (this.currentProfileId) {

frontend/src/views/VerifyView.vue

@@ -5,9 +5,6 @@
 </template>
 
 <script>
-// NOTE: If the httponly flag is to be used with these cookies,
-// this file will need to be rewritten as an .html file due to the way
-// that Hapi sets cookies via the h.state() method
 import { Authenticator } from '../services/auth.service.js'
 export default {
     name: 'VerifyView',
@@ -19,34 +16,32 @@ export default {
         this.authenticator = new Authenticator()
         const hashEmail = this.$route.params.email
 
-        // TODO: generate a token on the backend here and have it sent over in
-        // the headers intead of setting it directly with document.cookie (see note above)
-
         const hashesMatch = await this.authenticator.verifyAuthEmail(hashEmail)
-        const siimeeToken = this.grabToken(document.cookie)
+        const siimeeToken = this.grabCookie('siimee_session_verify')
 
-        // TODO: Then send this token and receive a different token
-        const jwt = await this.authenticator.validateJwt(siimeeToken)
-        this.answers = jwt.payload
-        const accessToken = await this.generateAccessToken()
-        if (jwt.isValid && hashesMatch) {
-            const siimeeAnswers = JSON.stringify(this.answers)
-            document.cookie = `siimee_answered=${siimeeAnswers}; max-age=360 ; path=/onboarding; secure`
-            document.cookie = `siimee_session=${siimeeToken} ; max-age=360 ; path=/onboarding; secure`
-            document.cookie = `siimee_access=${accessToken}; max-age=360 ; path=/onboarding; secure`
-            this.$router.push('/onboarding')
+        if (siimeeToken) {
+            const jwt = await this.authenticator.validateJwt(siimeeToken)
+            if (jwt.isValid && hashesMatch) {
+                document.cookie = `siimee_session_onboarding=${siimeeToken}; max-age=600; path=/onboarding; secure`
+                document.cookie = 'siimee_session_verify='
+                this.$router.push('/onboarding')
+            }
+        } else {
+            console.error('ERROR :=>')
         }
-        // else {
-        // render ERROR message above or redirect to 404 (or both?)
     },
     methods: {
-        grabToken(cookieString) {
-            const cookies = cookieString.split('; ').reduce((prev, current) => {
-                const [name, ...value] = current.split('=')
-                prev[name] = value.join('=')
-                return prev
-            }, {})
-            return 'siimee_jwt' in cookies ? cookies['siimee_jwt'] : undefined
+        grabCookie(cookieKey) {
+            const cookies = document.cookie
+                .split('; ')
+                .reduce((prev, current) => {
+                    const [name, ...value] = current.split('=')
+                    prev[name] = value.join('=')
+                    return prev
+                }, {})
+            return `${cookieKey}` in cookies
+                ? cookies[`${cookieKey}`]
+                : undefined
         },
         async generateAccessToken() {
             const accessJwt = await this.authenticator.generateJwt({